Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

1/29/2016
12:10 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

ATTACKIQ EMERGES FROM STEALTH WITH CONTINUOUS TESTING PLATFORM

FireDrill challenges existing on-premise network and cloud infrastructures to help organizations continuously, automatically, and affordably attack, measure and improve their defenses

San Diego, CA – January 20, 2016 – AttackIQ today unveiled their highly anticipated SaaS platform FireDrill purpose-built to hold security controls accountable through live remote testing. Using safe indicators of attacks and scenario-based behaviors FireDrill pinpoints flaws, frailty, and vulnerabilities currently hiding within your network. Pre-built with hundreds of scenarios from across key industries FireDrill can be deployed in minutes and immediately reduce the cost, time, and effort in mitigating risk.

AttackIQ, in celebration of this launch, has also announced a two-week free trial of FireDrill to immediately demonstrate its power to help security teams assure resiliency.

What FireDrill Does, And Why

“The most thorough conventional evaluations cannot safely validate a security control against real-world attacks prior to purchase or deployment,” said Stephan Chenette, co-founder of AttackIQ. “Even after deployment, many security controls, regardless of how they are implemented have a high rate of failure, misconfiguration or obsolescence. We created FireDrill to end the confusion and bring accountability to security controls. The product was built with a simple promise, to continuously, easily, and affordably test all IT and security controls under live and current scenarios.”

During the past year AttackIQ’s FireDrill was made available to some of the world’s most targeted organizations to validate the solutions abilities and help create the hundreds of now proven scenarios available today. Sitting down with these users before FireDrill was made publically available it was clear the value they had realized.

“FireDrill provides my teams and me a baseline of truth into the security controls and cybersecurity suite we have deployed to protect our organization,” said Gary Hayslip, Chief Information Security Officer, City of San Diego. “It allows us to prove the funds spent on building our Security Operations Center provide value to our stakeholders, the City of San Diego.”

How FireDrill Works

FireDrill is a SaaS platform that replicates indicators of attacks and models network user behavior to pinpoint flaws, frailty, and vulnerabilities hiding within your network. The resulting intelligence, and recommendations, help you to more quickly improve the security posture of your technology, processes, and people. The FireDrill console and platform can be seamlessly integrated into a company’s infrastructure by either running inside of the network in “agentless” mode or for more concise and granular testing on the hosts that need to be validated and tested in “agent” mode. Both modes can work together to assess both network and host level security gaps, misconfiguration and validations. FireDrill combines these capabilities to allow teams to:

 

1.    Test

With one click users command FireDrill to run relevant scenarios related to adversarial modeling, validation, and security control testing on their network in a safe and controlled manner. Users have at their fingertips hundreds of proven scenarios and can quickly build their own cutting-edge test scenarios.

 

2.    Attack

FireDrill continuously collects intelligence and analyzes current attack techniques, tactics, and procedures to update the scenario library. Our user-friendly console then allows security teams of multiple skill levels to run up-to-date attack scenarios, analyze results, and create prioritized actionable reports.

 

3.    Measure

FireDrill’s real-time visibility provides a holistic and easy to understand view of security gaps within your network and automatically generates reports that exposes security gaps and misconfigurations.

 

4.    Improve

Reports detail which vectors make you susceptible to attack and detailed recommendations from FireDrill outline exactly what your team must do to improve segments of your network that are misconfigured or lack the correct technology controls.

"AttackIQ's FireDrill technology maximizes a security team's responsiveness by going further than the traditional tabletop exercise or red team,” said Ryan McGeehan, Former Director of Facebook Security.

About AttackIQ

AttackIQ was founded to bring assurance to security. The company’s landmark FireDrill SaaS platform provides automated, continuous, and remote security testing to pinpoint vulnerabilities in technologies, people, and processes with the detailed recommendations on how to plug those holes. Learn more and get started with our 2-week free trial at attackiq.com.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO Advisor,  11/12/2019
Unreasonable Security Best Practices vs. Good Risk Management
Jack Freund, Director, Risk Science at RiskLens,  11/13/2019
6 Small-Business Password Managers
Curtis Franklin Jr., Senior Editor at Dark Reading,  11/8/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18986
PUBLISHED: 2019-11-15
Pimcore before 6.2.2 allow attackers to brute-force (guess) valid usernames by using the 'forgot password' functionality as it returns distinct messages for invalid password and non-existing users.
CVE-2019-18981
PUBLISHED: 2019-11-15
Pimcore before 6.2.2 lacks an Access Denied outcome for a certain scenario of an incorrect recipient ID of a notification.
CVE-2019-18982
PUBLISHED: 2019-11-15
bundles/AdminBundle/Controller/Admin/EmailController.php in Pimcore before 6.3.0 allows script execution in the Email Log preview window because of the lack of a Content-Security-Policy header.
CVE-2019-18985
PUBLISHED: 2019-11-15
Pimcore before 6.2.2 lacks brute force protection for the 2FA token.
CVE-2019-18928
PUBLISHED: 2019-11-15
Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection.